Attacks & Vulnerabilities
MITRE Says State Hackers Breached its Network via Ivanti Zero Days (2 minute read)
MITRE announced that it has discovered a network breach due to two chained Ivanti VPN zero days. The threat actors bypassed MFA via session hijacking to move laterally across the network and deployed a combination of webshells and backdoors to harvest credentials and maintain access. Evidence collected thus far shows that the attackers did not breach the core enterprise network or partner networks.
Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar (2 minute read)
A phishing campaign is exploiting a bug in Nespresso's website to bypass detection by security tools that fail to identify malicious nested or hidden links. The attack begins with a phishing email about Microsoft sign-in activity. Clicking the link directs victims to a legitimate but compromised Nespresso URL, which delivers a fake Microsoft login page designed to steal credentials, all while evading security warnings due to the use of the Nespresso address.
Kobold Letters (5 minute read)
This post from Lutra Security demonstrates an email phishing technique called Kobold Letters. In this attack, an attacker makes use of CSS selectors to make an email appear benign until it is forwarded, at which point the phishing email appears. This occurs because the HTML content is moved when the email is forwarded. Examples are provided for various email clients.
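Because the trick relies on CSS rules that only match once the original markup is nested inside a forwarding client's wrapper element, a mail gateway can flag exactly that pattern: a rule whose selector needs an ancestor or sibling context and whose declarations toggle visibility. The following scanner is an added example, not code from the Lutra Security post; the sample emails, the `fwd-wrapper` class name and the list of visibility-affecting properties are constructed assumptions, and the parser is deliberately simple (it reads `<style>` blocks only and does not handle nested at-rules).

```python
import re

# Properties that can hide or reveal a block depending on which selector matches.
VISIBILITY_PROPS = {"display", "visibility", "opacity", "height", "max-height",
                    "font-size", "overflow"}

_STYLE_RE = re.compile(r"<style[^>]*>(.*?)</style>", re.I | re.S)
_RULE_RE = re.compile(r"([^{}]+)\{([^{}]*)\}")  # flat "selector { decls }" rules only
_COMBINATOR_RE = re.compile(r"[ >+~]")          # descendant, child, adjacent, sibling


def find_context_dependent_rules(html):
    """Return style rules that (a) only match in some ancestor/sibling context and
    (b) change whether an element is visible. Each hit is a dict with the
    normalised selector and the offending declarations."""
    hits = []
    for sheet in _STYLE_RE.findall(html):
        sheet = re.sub(r"/\*.*?\*/", "", sheet, flags=re.S)  # drop CSS comments
        for selectors, body in _RULE_RE.findall(sheet):
            decls = {}
            for decl in body.split(";"):
                if ":" in decl:
                    prop, _, val = decl.partition(":")
                    decls[prop.strip().lower()] = val.strip().lower()
            suspicious = {p: v for p, v in decls.items() if p in VISIBILITY_PROPS}
            if not suspicious:
                continue
            for sel in selectors.split(","):
                sel = " ".join(sel.split())  # collapse whitespace/newlines
                if not sel or sel.startswith("@"):
                    continue
                if _COMBINATOR_RE.search(sel):
                    hits.append({"selector": sel, "declarations": suspicious})
    return hits


# Constructed sample: one block hidden by default and revealed only when the mail
# body sits under a (hypothetical) ".fwd-wrapper" ancestor, another hidden there.
SAMPLE_EMAIL = """\
<html><head><style>
  .header { font-family: Arial; color: #222; }
  .note { display: none; }
  .fwd-wrapper .note { display: block; }
  .fwd-wrapper .cover { display: none; }
</style></head>
<body>
  <div class="cover">Hello, the newsletter is attached.</div>
  <div class="note">Only rendered once the message is nested by a forward.</div>
</body></html>
"""

# Constructed benign sample: a combinator without visibility changes, and a
# visibility property without a combinator, neither of which should be flagged.
BENIGN_EMAIL = """\
<html><head><style>
  table td { color: #333; }
  .btn { display: inline-block; }
</style></head><body><table><tr><td>Hi</td></tr></table></body></html>
"""

if __name__ == "__main__":
    for hit in find_context_dependent_rules(SAMPLE_EMAIL):
        print(f"flagged: {hit['selector']!r} -> {hit['declarations']}")
    print("benign hits:", find_context_dependent_rules(BENIGN_EMAIL))
```

Both conditions are required for a hit: `table td { color: #333 }` has a combinator but does not affect visibility, and `.btn { display: inline-block }` affects visibility but matches regardless of context, so neither appears in the output. A production filter would additionally inspect inline `style` attributes and `@media` blocks.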
The End of GitHub PATs (8 minute read)
Common GitHub workflows rely upon long-lived credentials such as PATs or GitHub Apps to interact with repos. To eliminate the possibility of credentials leaking, Chainguard built an STS for GitHub that exchanges one short-term credential for another, so no long-lived secret has to exist. The architecture for the middleware is described in the post.
Decrypting Synology Patchfiles (14 minute read)
This article discusses how to decode Synology patch files using various reverse engineering techniques like decrypting an archive, extracting contents using keytypes and keybuffers, verifying message blocks, and decrypting entries using a ChaCha20-Poly1305 key. It shows the process of decrypting and verifying entries in an archive using Python and various cryptographic functions. The article concludes with the successful decryption and verification of the contents of the archive entries.
European police chiefs target E2EE in latest demand for 'lawful access' (6 minute read)
The director general of the UK's National Crime Agency has urged Meta to reconsider its rollout of end-to-end encryption (E2EE) on Instagram, echoing concerns raised by European police chiefs about compromising law enforcement's ability to identify illegal activity. The call follows a joint declaration expressing concern over tech platforms implementing encryption that prevents access to message content for monitoring purposes, citing potential threats to child safety.
Markets Matter: A Glance into the Spyware Industry (23 minute read)
This article discusses Intellexa Consortium, which is a network of spyware companies that is facing sanctions for selling surveillance software with human rights and security risks. The consortium's complex structure involves multiple companies and investors, prompting calls for tighter oversight and regulation in the spyware market. Governments are urged to implement "know-your-vendor" requirements to increase transparency and accountability in the industry.